Installation Guide. McAfee ePolicy Orchestrator Software


COPYRIGHT
Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Preface

This guide provides the information you need to install your McAfee product.

Contents
• About this guide
• Finding product documentation

About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:
• Administrators: People who implement and enforce the company's security program.

Conventions
This guide uses the following typographical conventions and icons.
• Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
• Bold: Text that is strongly emphasized.
• User input or Path: Commands and other text that the user types; the path of a folder or program.
• Code: A code sample.
• User interface: Words in the user interface including options, menus, buttons, and dialog boxes.
• Hypertext blue: A live link to a topic or to a website.
• Note: Additional information, like an alternate method of accessing an option.
• Tip: Suggestions and recommendations.
• Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
• Warning: Critical advice to prevent bodily harm when using a hardware product.

What's in this guide
This guide is organized to help you find the information you need. It is organized into chapters that group relevant information together by task, so you can go directly to the topic you need to successfully complete your installation. In addition to first-time installation instructions for your McAfee ePolicy Orchestrator (McAfee ePO) software, this guide covers:
• Upgrading your ePolicy Orchestrator software
• Installing in a cluster environment
• Installing and upgrading remote Agent Handlers
• Troubleshooting and log file reference material

Finding product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1 Go to the McAfee Technical Support ServicePortal at
2 Under Self Service, access the type of information you need:

To access User documentation, do this:
   1 Click Product Documentation.
   2 Select a Product, then select a Version.
   3 Select a product document.

To access the KnowledgeBase, do this:
   • Click Search the KnowledgeBase for answers to your product questions.
   • Click Browse the KnowledgeBase for articles listed by product and version.

1 Installation requirements and recommendations

Table 1-1 Hardware requirements and recommendations (continued)

Network Interface Card (NIC)
   100 Mb or higher.
   If using a server with more than one IP address, ePolicy Orchestrator software uses the first identified IP address. If you want to use additional IP addresses for agent-server communication, McAfee recommends creating additional Agent Handler groups for each IP address. See Working with Agent Handlers in the ePolicy Orchestrator 4.6 Product Guide or Help for details about setting up Agent Handler groups.

Ports
   McAfee recommends avoiding the use of Port 8443 for HTTPS communication. Although this is the default port, it is also the primary port used by many web-based activities, is a popular target for malicious exploitation, and it is likely to be disabled by the system administrator in response to a security violation or outbreak.
   Ensure that the ports you choose are not already in use on the server system.
   Notify network staff of the ports you intend to use for HTTP and HTTPS communication.

Installing the software on a Domain Controller is supported, but not recommended.

Processor
   Intel Pentium 4-class or higher.
   1.3 GHz or higher.

Software requirements and recommendations
Make sure you have the required and recommended software installed on your server system before installing ePolicy Orchestrator software.

Table 1-2 Software requirements and recommendations

Microsoft .NET Framework 2.0 or later
   Required. You must acquire and install this software manually. This software is required if you select an installation option that automatically installs the SQL Server Express 2005 software bundled with this ePolicy Orchestrator software. If this software is missing, you must exit the Setup and acquire and install it manually before proceeding.

Microsoft updates
   Recommended. Make sure your Microsoft software is running the latest updates. Turn off Windows updates before you begin installing or upgrading your software.

Microsoft Visual C SP1 Redistributable
   Required. Installed automatically.

Microsoft Visual C Redistributable Package (x86)
   Required. Installed automatically.

MSXML 6.0
   Required. Installed automatically.

2 Installing McAfee ePolicy Orchestrator software

ePolicy Orchestrator software is installed on a Microsoft Windows server-class operating system using the ePolicy Orchestrator InstallShield Wizard. The InstallShield Wizard walks you through the configuration steps required to get ePolicy Orchestrator software running. Once you complete the installation process, you can start using the software immediately to get your managed environment set up. Refer to the ePolicy Orchestrator 4.6 Product Guide or Help for details about configuring your server and setting up a managed environment.

Contents
• Installation options
• Things to know before installation
• Performing Express installation
• Performing Custom installation
• Performing Cluster installation
• Performing remote Agent Handler installation
• Completing a first-time installation

Installation options
There are three installation options for ePolicy Orchestrator software. Each option walks you through the installation process using the ePolicy Orchestrator InstallShield Wizard. Use the following table to determine which option is right for your environment.

Table 2-1 Installation options

Express
   The most direct installation path. Use this option if you want to accept McAfee's default installation settings.

Custom
   Customize your installation. Use this option when you want to specify the details of your software installation, including:
   • The destination folder where the software is installed (C:\Program Files\McAfee\ePolicy Orchestrator\ by default).
   • The ports used.
   Installing SQL Server 2005 Express is optional. You can also specify a different supported SQL Server, if installed before you begin the McAfee ePO software installation.

Cluster
   Perform a cluster installation. Use this option when you want to install into a cluster environment. Before you begin installing the software:
   • Your Microsoft Cluster Server (MSCS) environment must be set up.
   • You must have a supported SQL Server installed in a location accessible to your cluster.

If you are upgrading from a prior version of McAfee ePolicy Orchestrator software or are migrating from an evaluation version, see Upgrading McAfee ePolicy Orchestrator software.

Things to know before installation
Review this content before beginning your installation.

Be sure that you have read, understood, and complied with the requirements and recommendations detailed in Installation requirements and recommendations before you begin the installation.

You should have the following information available during the installation:
• McAfee Product License Key (not required to install an evaluation version of the software).
• Authentication credentials:
   • Windows authentication credentials: You must provide credentials for a domain administrator user account.
   • SQL authentication credentials: Depending on the SQL Server installation options you choose, you might be required to provide SQL authentication credentials.
   For more information about required SQL Server permissions, see About the SQL Server roles required for installation.
• A destination folder for ePolicy Orchestrator software installation (required for Custom and Cluster installations).

• A supported SQL Server (optional for Custom installations, required for Cluster installations).
   If you're using a new SQL Server installed manually, or an existing SQL Server, you might need to provide the following details during the installation process (depending on your configuration), on the Database Information page:
   • The name of your SQL Server. Depending on the SQL Server's configuration, this name should be formatted using the SQL Server name or the SQL Server name with instance name.
   • The dynamic port number, if any, used by your SQL Server.

About the SQL Server installation documented in this guide
ePolicy Orchestrator software requires the use of a supported SQL Server. The only installation scenario described in detail in this guide is a first-time installation of SQL Server 2005 Express. In this scenario, the InstallShield Wizard installs both the ePolicy Orchestrator software and the SQL Server software on the same system. If you want to install the SQL Server on a different server from the McAfee ePO server, you must install it manually. For more information on installing a different supported SQL Server, see the SQL Server software documentation.

Cluster installation requires you to use a manually installed SQL Server on a system other than where you install your ePolicy Orchestrator software.

Other relevant SQL Server installations and upgrades
See the Microsoft documentation provided for information about the following installation scenarios:
• Installing SQL Server 2005 or 2008
• Upgrading from MSDE 2000 to SQL Server 2005 or 2008
• Upgrading from MSDE 2000 to SQL Server 2005 Express or 2008 Express

If you are upgrading from MSDE 2000 or SQL 2000, be sure to follow Microsoft's required upgrade scenarios and reboot when requested by the Microsoft updates before installing ePolicy Orchestrator software.

About the SQL Server roles required for installation
If you plan to use an existing SQL Server with your ePolicy Orchestrator software, specific SQL Server roles are required to install successfully.

If you select to use an existing SQL Server, or manually install a new SQL Server, you must provide credentials during the ePolicy Orchestrator installation process for a user account that has been granted the server-role of dbcreator on the target SQL Server. This server-role is required for the Setup program to create and add the requisite core ePolicy Orchestrator database object to the target SQL Server during installation.

By default, once the core database is created this user account is granted the database-role of db_owner for the core database. After installation is complete, the dbcreator server-role can be revoked from this user account. Doing this restricts the account's permissions to only those granted the db_owner database-role on the core database.

For more information about the SQL database roles required for your ePolicy Orchestrator server, see Maintaining your ePolicy Orchestrator databases in the Product Guide and Help. For a complete discussion of SQL Server roles and permissions, see the product documentation for the supported SQL Server you are using.
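The post-installation revocation described above, as an added T-SQL example for SQL Server 2005 or 2008 (it is not part of the McAfee guide). The login EXAMPLE\epo_setup and the database name EPO_CORE_DB are placeholders for the account supplied to Setup and the core database it created.

```sql
-- Added example, not McAfee's own script. Placeholders (assumptions):
--   EXAMPLE\epo_setup : the account supplied to Setup on the Database Information page
--   EPO_CORE_DB       : the core ePolicy Orchestrator database that Setup created
-- Uses only syntax that SQL Server 2005 and 2008 accept. Run as a sysadmin.

DECLARE @login sysname;
DECLARE @has_db_owner bit;
SET @login = N'EXAMPLE\epo_setup';
SET @has_db_owner = 0;

-- 1. Server roles the account holds explicitly before the change.
--    Membership inherited through a Windows group is not listed here.
SELECT r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name = @login;

-- 2. Confirm the account keeps access to the core database: either it owns
--    the database (its SID maps to dbo) or its user is a db_owner member.
IF EXISTS (
    SELECT 1
    FROM [EPO_CORE_DB].sys.database_principals AS u
    LEFT JOIN [EPO_CORE_DB].sys.database_role_members AS drm
           ON drm.member_principal_id = u.principal_id
    LEFT JOIN [EPO_CORE_DB].sys.database_principals AS r
           ON r.principal_id = drm.role_principal_id
    WHERE u.sid = SUSER_SID(@login)
      AND (u.name = N'dbo' OR r.name = N'db_owner')
)
BEGIN
    SET @has_db_owner = 1;
END

-- 3. Revoke dbcreator only when db_owner access is confirmed and the
--    membership is explicit, so the procedure is never called on a non-member.
IF @has_db_owner = 0
BEGIN
    RAISERROR('%s has no db_owner access to the core database; dbcreator left in place.',
              16, 1, @login);
END
ELSE
BEGIN
    IF EXISTS (
        SELECT 1
        FROM sys.server_role_members AS srm
        JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
        JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
        WHERE r.name = N'dbcreator' AND m.name = @login
    )
    BEGIN
        EXEC sp_dropsrvrolemember @loginame = @login, @rolename = N'dbcreator';
        PRINT 'dbcreator revoked from ' + @login;
    END
    ELSE
    BEGIN
        PRINT @login + ' is not an explicit member of dbcreator; nothing to revoke.';
    END
END

-- 4. A sysadmin member can still create databases, so dropping dbcreator
--    alone does not reduce that account's rights. Report it (informational).
IF IS_SRVROLEMEMBER(N'sysadmin', @login) = 1
BEGIN
    RAISERROR('%s is a sysadmin member; revoking dbcreator does not restrict it.',
              10, 1, @login) WITH NOWAIT;
END
```

An empty result in step 1 for a Windows account usually means its server roles come from a group login, which has to be reviewed on the group rather than on the individual account.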

Performing Express installation

Task
1 Using an account with local administrator permissions, log on to the Windows server computer to be used as the ePolicy Orchestrator server.
2 Run the Setup program.
   • From the product CD: select a language in the ePolicy Orchestrator autorun window, then select Install ePolicy Orchestrator 4.6.
   • From software downloaded from the McAfee website: extract files to a temporary location and double-click Setup.exe. The executable is located in the file EPO <build and package numbers>.zip.
   Do not attempt to run Setup.exe without first extracting the contents of the zip file.
   The McAfee ePolicy Orchestrator - InstallShield Wizard is launched.
3 Click Next to begin the installation process.
4 In the Setup Type step, select Express and click Next.
5 In the Choose Database Option step, select Microsoft SQL Express and click Next.
6 In the Install additional software step, any remaining prerequisites are listed. To install them, click Next.
   Microsoft .NET Framework 2.0 (or later) is required software when installing SQL Express; it is not installed automatically. If this software is missing, you must exit the Setup and acquire and install it manually before proceeding.
7 In the Database Information step, specify your Windows authentication credentials and click Next.
8 If any of the default port assignments are in conflict, you must resolve them by providing alternative ports in the HTTP Port Information step.
   If no conflicts exist, you will not have the option to modify default port assignments. You must choose the Custom installation option if you need to modify port assignments.
9 In the Global Administrator Information step, type the credentials you'll use to log on to your McAfee ePO server when installation is complete, then click Next.
10 In the Type License Key step, type your license key and click Next.
   If you don't have a license key, you can select Evaluation to continue installing the software. The evaluation period is limited to 90 days. You can provide a license key after installation is complete from within the application. For more information, see the Product Guide or Help.
11 Accept the McAfee End User License Agreement and click OK, then click Install to begin installing the software.
12 When the installation is complete, click Finish to exit the InstallShield Wizard.

Your ePolicy Orchestrator software is now installed. Double-click on your desktop to start using your McAfee ePO server, or browse to the server from a remote web console (https://servername:port).

Performing Custom installation
During Custom installation you can modify the installation process at each step. You can specify destination folders and ports using this option.

Before you begin
Be sure that you have read, understood, and complied with the information in Installation requirements and recommendations.

If you select to use an existing SQL Server, or manually install a new SQL Server, gather the following information and complete these steps before beginning your installation to ensure that your McAfee ePO software can communicate with the database server:
1 Verify that the SQL Browser Service is running.
2 Ensure that TCP/IP Protocol is enabled in the SQL Server Configuration Manager.
3 Update both the system that will host your ePolicy Orchestrator server and your SQL Server with the latest Microsoft security updates, then turn off Windows updates for the duration of the installation process.

You must monitor the entire installation process when using the Custom installation process. You might be required to restart your system.

Task
1 Using an account with local administrator permissions, log on to the Windows server computer to be used as the ePolicy Orchestrator server.
2 Run the Setup program.
   • From the product CD: select a language in the ePolicy Orchestrator autorun window, then select Install ePolicy Orchestrator 4.6.
   • From software downloaded from the McAfee website: extract files to a temporary location and double-click Setup.exe. The executable is located in the file EPO <build and package numbers>.zip.
   Do not attempt to run Setup.exe without first extracting the contents of the zip file.
   The McAfee ePolicy Orchestrator - InstallShield Wizard is launched.
3 Click Next to begin the installation process.
4 In the Setup Type step, select Custom and then click Next.

5 In the Choose Database Option step, select one of the following and click Next:
   • Microsoft SQL Express: Automatically installs SQL Server 2005 Express to the default location defined by Microsoft (C:\Program Files\Microsoft SQL Server).
   • Microsoft SQL Server: To specify a previously installed SQL database server.
   If the server system you are installing on meets any of the following conditions, you cannot install SQL Server 2005 Express locally:
   • 16 or more named instances in an existing, locally installed SQL Server.
   • Any version of a SQL Server locally installed that contains an instance with the name EPOSERVER.
   • SQL Server 2000 or MSDE 2000 is already installed locally.
6 In the Install additional software step, any remaining prerequisites are listed. To install them, click Next.
   Microsoft .NET Framework 2.0 (or later) is required software when installing SQL Express; it is not installed automatically. If this software is missing, you must exit the Setup and acquire and install it manually before proceeding.
7 In the Destination Folder step, click:
   • Change: Specify a custom destination location for your McAfee ePO software. When the Change Current Destination Folder window opens, browse to your desired destination and create any new folders if needed. When finished, click OK.
   • Next: Install your McAfee ePO software in the default location (C:\Program Files\McAfee\ePolicy Orchestrator\).
8 In the Database Information step:
   • If you selected Microsoft SQL Express, specify your Windows authentication credentials and click Next.
   • If you selected Microsoft SQL Server:
      a Select the server from the Database Server menu.
      b Specify which type of Database Server Credentials to use, then click Next:
         • Windows authentication
            1 From the Domain menu, select the domain of the user account you're going to use to access the SQL Server.
            2 Type the User name and Password. If you're using a previously installed SQL Server, be sure that your user account has access.
         • SQL authentication
            Type the User name and Password for your SQL Server. Be sure that the credentials you provide represent an existing user on the SQL Server with appropriate rights.
            The Domain menu is greyed out when using SQL authentication.
   It might be necessary to type the SQL Server TCP port to use for communication between your McAfee ePO server and database server (default ports for this communication are 1433 or 1434).

9 In the HTTP Port Information step, review the default port assignments. Click Next to verify that the ports are not already in use on this system.
   You can modify some of these ports at this time. Once your installation is complete, you can change only the Agent wake-up communication port and Agent broadcast communication port. If you need to change your other port settings later, you will have to reinstall your McAfee ePO software. For more information about changing port values, see About HTTP port options.
10 In the Global Administrator Information step, type the Username and Password you want to use for your primary Global Administrator account, then click Next.
11 In the Type License Key step, type your license key and click Next.
   If you don't have a license key, you can select Evaluation to continue installing the software. The evaluation period is limited to 90 days. You can provide a license key after installation is complete from within the application. For more information, see the Product Guide or Help.
12 Accept the McAfee End User License Agreement and click OK, then click Install to begin installing the software.
13 When the installation is complete, click Finish to exit the InstallShield Wizard.

Your ePolicy Orchestrator software is now installed. Double-click on your desktop to start using your McAfee ePO server, or browse to the server from a remote web console (https://servername:port).

Performing Cluster installation
The ePolicy Orchestrator software provides high availability for server clusters with Microsoft Cluster Server (MSCS) software.

Installing the software into your Microsoft Cluster Server environment requires you to take additional steps beyond those needed to complete the Express and Custom installations. The installation process depends on the operating system you are installing on.

Cluster installation is supported on Windows Server 2003 or

Successful installation depends on proper setup of the Microsoft Cluster Server software (MSCS). For more information on MSCS setup, see the Microsoft documentation.

Cluster installation terminology
The following terminology is used in the cluster installation instructions.

Table 2-3 Cluster installation terminology

Data drive
   One of the two drives required by Microsoft Cluster Server and ePolicy Orchestrator software. The data drive is a remote drive that is accessible to all nodes in the cluster, and is the location where you install the ePolicy Orchestrator files.

ePO Virtual IP address resource
   The IP address resource that you create as part of the ePolicy Orchestrator cluster installation. This virtual IP address represents the McAfee ePO cluster installation as a whole. References to this IP address point to the currently active node in your cluster.

Table 2-3 Cluster installation terminology (continued)

ePO Virtual Network Name resource
   The Network Name resource that you create as part of the ePolicy Orchestrator cluster installation. This virtual Network Name represents the McAfee ePO cluster installation as a whole. References to this Network Name point to the currently active node in your cluster.

Quorum drive
   One of the two drives required by Microsoft Cluster Server software. The quorum drive is where the MSCS files are installed. Don't install any of the ePolicy Orchestrator files on this drive.

Cluster installation requirements and prerequisites
Before you begin your cluster installation, review this list of requirements and prerequisites, and ensure that each is in place or the information is available. These requirements apply to installations on both Windows Server 2003 and

• Microsoft Cluster Server is set up and running on a cluster of two or more servers.
• A quorum drive is present and configured according to Microsoft guidelines.
• A data drive is present and available to all nodes in the cluster.
• A supported remote SQL Server is configured. To confirm that the ePolicy Orchestrator software can communicate with this server during installation:
   • Verify that the SQL Browser Service is running.
   • Ensure that TCP/IP Protocol is enabled in the SQL Server Configuration Manager.
• You might need to provide the following details during the installation process (depending on your configuration), on the Database Information page:
   • The name of your SQL Server. Depending on its configuration, this name should be formatted using the SQL Server name or the SQL Server name with instance name.
   • The dynamic port number, if any, used by your SQL Server. You must specify the dynamic port number during the installation process, on the Database Information page.

Installing on Windows Server 2003
Installing ePolicy Orchestrator software in a cluster environment running Windows 2003 Server systems requires that you complete each of these tasks in the order listed.

Before you begin
Update the systems that will host your ePolicy Orchestrator server and your SQL Server with the latest Microsoft security updates, then turn off Windows updates for the duration of the installation process.

Tasks
• Creating the ePolicy Orchestrator application group: The ePolicy Orchestrator application group is required to separate the ePolicy Orchestrator application from the Microsoft Cluster Services in your cluster environment.
• Adding the data drive: The data drive is the location where you install the ePolicy Orchestrator software. Use a remote drive that all nodes in your cluster can access.
• Adding the ePolicy Orchestrator virtual IP address resource: The ePolicy Orchestrator virtual IP address resource represents the McAfee ePO cluster installation as a whole. References to this IP address point to the currently active node in your cluster.
• Adding the ePolicy Orchestrator virtual Network Name resource: The ePolicy Orchestrator virtual Network Name resource represents the McAfee ePO cluster installation as a whole. References to this Network Name point to the currently active node in your cluster.
• Installing ePolicy Orchestrator software on each node: Run the Cluster installation on each of the nodes. To ensure that each node has exclusive access to the quorum and data drives during installation, shut down all other nodes in the cluster.
• Creating the Generic Service resources: The Generic Service resources enable the cluster server to control the ePolicy Orchestrator server, by starting and stopping the ePolicy Orchestrator services.

Creating the ePolicy Orchestrator application group
The ePolicy Orchestrator application group is required to separate the ePolicy Orchestrator application from the Microsoft Cluster Services in your cluster environment.

Task
1 To open the Cluster Administrator on the active node, click Start | All Programs | Administrative Tools | Cluster Administrator.
2 Right-click Groups in the System Tree, then select New Group.
3 In the New Group dialog box, type the Name and Description of the group. For example, ePO. Then click Next.
4 In the Preferred Owners dialog box, identify the owners of the group. Select the desired node under Available Nodes, then click Add. Repeat until all owners are added, then click Next.
5 Click Finish.

Adding the data drive
The data drive is the location where you install the ePolicy Orchestrator software. Use a remote drive that all nodes in your cluster can access.

Task
1 In the Cluster Administrator, right-click the ePO group, then select New Resource.
2 In the New Resource dialog box, type the Name and Description of the resource, for example, Data Drive.
3 From the Resource type drop-down list, select Physical Disk.

4 Ensure that ePO is the selected group, then click Next.
5 In the Possible Owners dialog box, identify the owners of the resource. Select the desired node, then click Add. Repeat until all owners are added, then click Next.
6 In the Dependencies dialog box, click Next.
7 In the Disk pull-down list, select the disk and click Finish.

Adding the ePolicy Orchestrator virtual IP address resource
The ePolicy Orchestrator virtual IP address resource represents the McAfee ePO cluster installation as a whole. References to this IP address point to the currently active node in your cluster.

Task
1 In the Cluster Administrator, right-click the ePO group, then select New Resource.
2 In the New Resource dialog box, type the Name and Description of the resource, for example, ePO IP Address.
3 From the Resource type drop-down list, select IP Address.
4 Ensure that ePO is the selected group, then click Next.
5 In the Possible Owners dialog box, identify the owners of the resource. Select the desired node, then click Add. Repeat until all owners are added, then click Next.
6 No information is required in the Dependencies dialog box. Click Next.
7 Type the virtual IP address and subnet mask for the ePO virtual IP address resource, then click Finish.

Adding the ePolicy Orchestrator virtual Network Name resource
The ePolicy Orchestrator virtual Network Name resource represents the McAfee ePO cluster installation as a whole. References to this Network Name point to the currently active node in your cluster.

Task
1 In the Cluster Administrator, right-click the ePO group, then select New Resource.
2 In the New Resource dialog box, type the Name and Description of the resource, for example, ePO Server Name.
3 From the Resource type drop-down list, select Network Name.
4 Ensure that ePO is the selected group, then click Next.
5 In the Possible Owners dialog box, identify the owners of the resource. Select the desired node, then click Add. Repeat until all owners have been added, then click Next.
6 In the Dependencies dialog box, select IP Address, then click Next.
7 Provide the virtual server name for the ePolicy Orchestrator virtual Network Name resource, then click Finish.

Installing ePolicy Orchestrator software on each node
Run the Cluster installation on each of the nodes. To ensure that each node has exclusive access to the quorum and data drives during installation, shut down all other nodes in the cluster.

Task
1 Double-click Setup.exe in the installation folder.
2 Follow the wizard until you reach the Setup Type page, then select the Cluster option and click Next.
3 In the Choose Destination Location page, specify the path for the shared data drive and click Next. Use this same path for each node.
4 In the Set Virtual Server Settings page (on the first node only), provide the following identifying information for the McAfee ePO cluster:
   • The ePolicy Orchestrator Virtual Server IP address
   • The ePolicy Orchestrator Virtual Cluster name
   • The ePolicy Orchestrator Virtual Cluster FQDN
   This information is automatically provided on subsequent nodes.
5 Complete the installation on the first node as described in Performing Custom installation.
6 Repeat this task for each node in your cluster.

Creating the Generic Service resources
The Generic Service resources enable the cluster server to control the ePolicy Orchestrator server, by starting and stopping the ePolicy Orchestrator services.

You must create and add three Generic Service resources for use with your clustered ePolicy Orchestrator server. Use the following table and task to configure each resource. Be sure to create the resources in the order listed in the table.

Table 2-4 Generic Service resource configurations

Resource | Service | Dependency
ePolicy Orchestrator Application Server | MCAFEETOMCATSRV250 | Data drive
ePolicy Orchestrator Server | MCAFEEAPACHESRV | ePolicy Orchestrator Application Server
ePolicy Orchestrator Event Parser | MCAFEEEVENTPARSERSRV | ePolicy Orchestrator Server

Task
1 In the Cluster Administrator, right-click the ePO group, then select New Resource.
2 In the New Resource dialog box, type the Name of the resource.
3 Set the Resource type to Generic Service.
4 Set the group to ePO and click Next.
5 In the Possible Owners dialog box, ensure that all cluster nodes are added to the Possible Owners, then click Next.

6 In the Dependencies dialog box, specify the dependency for each service. Refer to the Generic Service resource configurations table above for each dependency.
7 In the Generic Service Parameter dialog box, type the Service Name for each service. Leave the Start Parameters field blank, then click Finish.

Installing on Windows Server 2008

Installing ePolicy Orchestrator software in a cluster environment running Windows 2008 Server systems requires that you complete each of these tasks in the order listed.

Before you begin
Update the systems that will host your ePolicy Orchestrator server and your SQL Server with the latest Microsoft security updates, then turn off Windows updates for the duration of the installation process.

Tasks
Creating the ePolicy Orchestrator application group: The ePolicy Orchestrator application group is required to separate the ePolicy Orchestrator application from the Microsoft Cluster Services in your cluster environment.
Creating the Client Access Point: The Client Access Point defines the ePolicy Orchestrator Virtual IP address and Virtual Network names so your cluster nodes can communicate with your McAfee ePO server.
Adding the data drive: The data drive is the location where you install the ePolicy Orchestrator software. Use a remote drive that all nodes in your cluster can access.
Creating the Generic Service resources: The Generic Service resources enable the cluster server to control the ePolicy Orchestrator server by starting and stopping the ePolicy Orchestrator services.

Creating the ePolicy Orchestrator application group

The ePolicy Orchestrator application group is required to separate the ePolicy Orchestrator application from the Microsoft Cluster Services in your cluster environment.

Task
1 Open the Failover Cluster Management tool on the active node by clicking Start | Programs | Administrative Tools | Failover Cluster Management.
2 Right-click Services and Applications in the cluster management tree, then select More Actions | Create Empty Service or Application.
3 Right-click New service or application and Rename the Application Group to ePO.

Creating the Client Access Point

The Client Access Point defines the ePolicy Orchestrator Virtual IP address and Virtual Network names so your cluster nodes can communicate with your McAfee ePO server.

Task
1 Right-click the ePO group and select Add a resource | Client Access Point. The Client Access Point Wizard appears.
2 Type the ePolicy Orchestrator Virtual Name in the Name field and specify the ePolicy Orchestrator Virtual IP address in the Address field, then click Next. The Confirmation page appears.

3 Click Next to allow the Client Access Point to be configured, then click Finish when the wizard is complete.
4 If the Client Access Point is offline, right-click the name and choose Bring this resource online.

Adding the data drive

The data drive is the location where you install the ePolicy Orchestrator software. Use a remote drive that all nodes in your cluster can access.

Task
1 Right-click the ePO Application Group and select Add Storage.
2 In the Add Storage dialog box, select the data drive to be used for your ePolicy Orchestrator installation and click OK.

Installing ePolicy Orchestrator software on each node

Run the Cluster installation on each of the nodes. To ensure that each node has exclusive access to the quorum and data drives during installation, shut down all other nodes in the cluster.

Task
1 Double-click Setup.exe in the installation folder.
2 Follow the wizard until you reach the Setup Type page, then select the Cluster option and click Next.
3 In the Choose Destination Location page, specify the path for the shared data drive and click Next. Use this same path for each node.
4 In the Set Virtual Server Settings page (on the first node only), provide the following identifying information for the McAfee ePO cluster:
   The ePolicy Orchestrator Virtual Server IP address
   The ePolicy Orchestrator Virtual Cluster name
   The ePolicy Orchestrator Virtual Cluster FQDN
   This information is automatically provided on subsequent nodes.
5 Complete the installation on the first node as described in Performing Custom installation.
6 Repeat this task for each node in your cluster.

Creating the Generic Service resources

The Generic Service resources enable the cluster server to control the ePolicy Orchestrator server by starting and stopping the ePolicy Orchestrator services. You must add three Generic Service resources for use with your clustered ePolicy Orchestrator server. Use the following table and task to configure each resource. Be sure to create the resources in the order they are listed in the table.

Table 2-5 Generic Service resource configurations

Resource: ePolicy Orchestrator Application Server
   Properties: General tab: No changes necessary
   Properties: Dependencies tab: Data drive

Resource: ePolicy Orchestrator Server
   Properties: General tab: Remove the Startup parameters and add a blank space. Apache will not start with any startup parameters specified, and an empty entry is not permitted. Therefore, a blank space is required.
   Properties: Dependencies tab: ePolicy Orchestrator Application Server

Resource: ePolicy Orchestrator Event Parser
   Properties: General tab: No changes necessary
   Properties: Dependencies tab: ePolicy Orchestrator Application Server

Task
1 In the Cluster Administrator, right-click the ePO Application Group and select Add a resource | Generic Service.
2 On the Select Service Wizard, select a resource and click Next.
3 In the Confirmation page, click Next to allow the service to be created. When the Wizard is complete, click Finish.
4 Right-click the resource you've just created and select Properties. In the Properties dialog box, set the properties specified in the Generic Service resource configurations table.
5 Repeat this task for each generic service resource.

Testing the ePolicy Orchestrator cluster installation

When the ePolicy Orchestrator cluster is set up and online, use this task to ensure that the software functions in a failover situation.

Task
1 Restart the system functioning as the active node. The passive node automatically becomes the active node. The amount of time required for the passive node to become active depends on your unique environment.
2 Manually refresh your browser session. If failover is successful, you are redirected to the ePolicy Orchestrator log on page.
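The three Generic Service resources from Table 2-5 can also be created from PowerShell rather than the wizard; the script below is an added example, not part of the McAfee guide. It assumes the FailoverClusters module (Windows Server 2008 R2 or later), takes the service names from Table 2-4, and uses a placeholder name for the data drive resource.

```powershell
# Added example: values marked "assumption" do not come from the guide.
Import-Module FailoverClusters
$ErrorActionPreference = 'Stop'

$Group     = 'ePO'              # application group created earlier in the procedure
$DataDrive = 'Cluster Disk 2'   # assumption: name of the data drive resource added to the ePO group

# Listed in creation order: each resource depends on something created before it.
$Resources = @(
    @{ Name      = 'ePolicy Orchestrator Application Server'
       Service   = 'MCAFEETOMCATSRV250'
       DependsOn = $DataDrive },
    @{ Name      = 'ePolicy Orchestrator Server'
       Service   = 'MCAFEEAPACHESRV'
       DependsOn = 'ePolicy Orchestrator Application Server'
       StartupParameters = ' ' },   # a single blank space, as Table 2-5 requires for Apache
    @{ Name      = 'ePolicy Orchestrator Event Parser'
       Service   = 'MCAFEEEVENTPARSERSRV'
       DependsOn = 'ePolicy Orchestrator Application Server' }
)

# Stop before changing the cluster if a service or the data drive is missing.
foreach ($r in $Resources) {
    Get-Service -Name $r.Service | Out-Null
}
Get-ClusterResource -Name $DataDrive | Out-Null

foreach ($r in $Resources) {
    # Create the Generic Service resource in the ePO group and bind it to the Windows service.
    $res = Add-ClusterResource -Name $r.Name -ResourceType 'Generic Service' -Group $Group
    $res | Set-ClusterParameter -Name ServiceName -Value $r.Service

    if ($r.ContainsKey('StartupParameters')) {
        $res | Set-ClusterParameter -Name StartupParameters -Value $r.StartupParameters
    }

    # The provider (dependency) must already exist in the same group.
    Add-ClusterResourceDependency -Resource $r.Name -Provider $r.DependsOn
}

# Bring the resources online in dependency order, then list the group's state.
foreach ($r in $Resources) {
    Start-ClusterResource -Name $r.Name | Out-Null
}
Get-ClusterGroup -Name $Group | Get-ClusterResource |
    Format-Table Name, State, ResourceType -AutoSize
```

Run it once on the active node after the software is installed on every node; all three resources should report Online before you start the failover test.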

Performing remote Agent Handler installation

Each ePolicy Orchestrator server contains a master Agent Handler. Installing additional remote Agent Handlers can help manage an increased number of products and systems managed by a single, logical ePolicy Orchestrator server in situations where the CPU on the database server is not overloaded.

Remote Agent Handlers require the same high-speed network access to your database as the primary ePolicy Orchestrator server.

You can use additional IP addresses for agent-server communication by creating an Agent Handler group, and adding the additional IP address to the virtual IP address input field. For more information, see Working with Agent Handlers in the Product Guide or Help.

Installing remote Agent Handlers

You can install Agent Handlers throughout your environment to help manage agent-to-server communication and load balancing. You can install remote Agent Handlers at any time.

Before you begin
Update the system with the latest Microsoft security updates, then turn off Windows updates for the duration of the installation process.

Task
1 Open the folder where you extracted the contents of the ePolicy Orchestrator software installation package.
2 Copy the Agent Handler folder to the intended Agent Handler server system.
3 Double-click Setup.exe to launch the McAfee Agent Handler InstallShield Wizard. After some installation activities take place in the background, the InstallShield Wizard opens. Click Next to begin the installation process.
4 Accept the terms in the license agreement. The Destination Folder step opens.
5 Accept the default destination or click Change to select a different destination, then click Next.
   The destination path must not contain double-byte characters. This is a limitation of the Apache web server. Using double-byte characters causes the installation to fail and the Apache web server service to fail on startup.

6 The Server Information step opens.
   a Type the machine name of the McAfee ePO server with which the Agent Handler must communicate.
   b Specify which port to use for Agent Handler-to-server communication. The default port is 8444, the same port used for Client-to-server authenticated communication. Using the default port enables Agent Handler-to-server communication to be performed using only port 8444. You can optionally specify port 8443, the Console-to-application server communication port, but doing so requires that port 8444 continues to be available for Agent Handler communication.
   c Type the ePO Admin User name and ePO Admin Password of a user with ePolicy Orchestrator Global Administrator privileges.
   d Click Next to use the ePO Admin credentials to access the database as well; be sure they are assigned the appropriate SQL Server role and permissions.
   e Deselect Use ePO Server's database credentials and click Next to use different credentials to access the database. In the Database Information page, specify the following and click Next:
      Database Server with instance name. For example, DB-SERVER\SERVERNAME.
      Authentication type.
      Domain name where the database server is hosted.
      User name and Password.
      Database name if not provided automatically.
7 Click Install to start the installation.

Once installation is complete, you must enable your remote Agent Handler from within the ePolicy Orchestrator interface. For more information on how to enable your Remote Agent Handler, see Working with Agent Handlers in the Product Guide and Help.

Completing a first-time installation

Once you have completed the installation process, you must configure your ePolicy Orchestrator server. You can use the ePolicy Orchestrator Guided Configuration to set up your server and managed environment. This configuration tool is an overlay to existing features and functionality intended to help you get your server up and running quickly. For more information, see Using the Guided Configuration tool in the Product Guide or Help.


3 Upgrading McAfee ePolicy Orchestrator software

You can upgrade version 4.0 Patch 7 or version 4.5 Patch 3 or later of ePolicy Orchestrator software to version 4.6.

Contents
Things to know before upgrading
Upgrading your ePolicy Orchestrator server
Upgrading your ePolicy Orchestrator cluster server
Upgrading your remote Agent Handlers

Things to know before upgrading

To successfully complete an upgrade, you need to prepare your environment. Review this content before beginning your upgrade. You need to:
   Review the unsupported products list.
   Back up all ePolicy Orchestrator databases.
   Back up the entire ePolicy Orchestrator directory.
   Disable any remote Agent Handlers in your environment.
   Turn off Windows updates before you begin your upgrade.

Be sure that you have read, understood, and complied with the requirements and recommendations detailed in Installation requirements and recommendations before you begin the upgrade.

Supported and unsupported products

Review the products ePolicy Orchestrator supports before completing your installation or upgrade. To view an updated list of supported and unsupported products, see one of the following KnowledgeBase articles:
   McAfee ePO Supported Products KB69814 (https://kc.mcafee.com/corporate/index?page=content&id=kb69814)
   McAfee ePO Unsupported Products KB69815 (https://kc.mcafee.com/corporate/index?page=content&id=kb69815)

Backing up ePolicy Orchestrator databases and directories

Before you upgrade your software, back up all ePolicy Orchestrator databases, as well as the ePolicy Orchestrator directory. Details on performing these tasks are available in the following KnowledgeBase articles:
   ePolicy Orchestrator 4.0 KB51438 (https://kc.mcafee.com/corporate/index?page=content&id=kb51438)
   ePolicy Orchestrator 4.5 KB66616 (https://kc.mcafee.com/corporate/index?page=content&id=kb66616)

Disabling remote Agent Handlers before upgrading

If you're upgrading from ePolicy Orchestrator 4.5 and you use remote Agent Handlers in your environment, you must disable them in order to successfully complete your upgrade. Once your remote Agent Handlers are disabled, you can upgrade your server. Once complete, you also need to upgrade your Agent Handlers. See Upgrading remote Agent Handlers for more information.

Task
1 In the ePolicy Orchestrator 4.5 software interface, click Menu | Configuration | Agent Handlers, then click the Agent Handlers link in the Handler Status monitor to open the Handler List page.
2 In the Handler List page, click Disable for each remote Agent Handler you have installed.
3 Log on to the system where the Agent Handler is installed, then open the Windows Services panel and stop the McAfee Event Parser and McAfee Apache services. For more information on using the Windows Services panel, see your Microsoft software product documentation.
